
Get-Acl from Different Domains


You should use New-PSDrive to create a new AD query provider instead of the default one, AD:. Then you will query that new drive and not the default one. For example:

New-PSDrive -Name AD2 -PSProvider ActiveDirectory -Server 'DC.medco.com' -root "//RootDSE/"
$Group = 'AD2:' + (Get-ADgroup $_ -Server Medco).distinguishedname
(Get-Acl $Group).access |. . .

In case you want to dynamically assign the server, you can use something like:

(Get-ADDomainController -DomainName 'medco.com' -Discover).hostName

and, if needed, you can get the domain name from the existing distinguishedname.

If you have more than two domains, then you should use Remove-PSDrive before setting a new one with the same name. It would be best to group the AD groups per domain to minimize the adding/removing commands.
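
The per-domain approach described in the answer above, as an added example that is not part of the original answer. It assumes the ActiveDirectory module is installed and that the account can read the objects in each domain; `Get-DomainFromDN` is a hypothetical helper, the distinguished names are constructed sample input, and `other.example.com` is a placeholder second domain.

```powershell
Import-Module ActiveDirectory

# Constructed sample input: group distinguished names from two domains.
$groupDNs = @(
    'CN=Helpdesk,OU=Groups,DC=medco,DC=com'
    'CN=Server Admins,OU=Groups,DC=medco,DC=com'
    'CN=Auditors,OU=Groups,DC=other,DC=example,DC=com'
)

# Hypothetical helper: build the DNS domain name from the DC= components of a DN.
function Get-DomainFromDN {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    $labels = $DistinguishedName -split ',' |
        Where-Object { $_ -like 'DC=*' } |
        ForEach-Object { $_.Substring(3) }
    $labels -join '.'
}

# Group the DNs per domain so each drive is created and removed only once.
$results = foreach ($domain in ($groupDNs | Group-Object { Get-DomainFromDN $_ })) {
    # Discover a domain controller for this domain instead of hard-coding one.
    $dc = @((Get-ADDomainController -DomainName $domain.Name -Discover).HostName)[0]

    # The drive name is reused, so remove any leftover drive before creating it.
    if (Get-PSDrive -Name AD2 -ErrorAction SilentlyContinue) { Remove-PSDrive -Name AD2 }
    $null = New-PSDrive -Name AD2 -PSProvider ActiveDirectory -Server $dc -Root '//RootDSE/'
    try {
        foreach ($dn in $domain.Group) {
            # Read the ACL through AD2:, not the default AD: drive.
            foreach ($ace in (Get-Acl -Path ('AD2:' + $dn)).Access) {
                [pscustomobject]@{
                    Domain    = $domain.Name
                    Group     = $dn
                    Identity  = $ace.IdentityReference
                    Rights    = $ace.ActiveDirectoryRights
                    Type      = $ace.AccessControlType
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
    finally {
        # Always drop the drive so the next domain starts clean.
        Remove-PSDrive -Name AD2 -ErrorAction SilentlyContinue
    }
}

$results | Sort-Object Domain, Group | Format-Table -AutoSize
```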


This can help, but be sure to include the -Identity and the -Server parameters as well to ensure you get the right results. I did this for Get-ADComputer, but it can also work for Get-ADObject:

New-PSDrive -Name AD2 -PSProvider ActiveDirectory -Server 'my.other.subnet.net' -root "//RootDSE/"
# Build the path on the new AD2: drive so Get-Acl queries the other domain
$Group = 'AD2:' + (Get-ADComputer -Identity 'FakeComputer-01' -Server 'my.other.subnet.net').distinguishedname
(Get-Acl $Group).access

Sometimes not including the other parameters will still return an error.